Choose IP address pool based on username

 
 
Michael Burkey
10-16-2003
I have a Cisco 3640, IOS 12.2. I am using local aaa authentication
for our dial-up users that connect to an ISDN PRI. I'd like to know if
it is possible to, based on the username, choose different pools of
IPs.

Thanks,

Michael
 
Aaron Leonard
10-17-2003
On 16 Oct 2003 10:53:18 -0700, (E-Mail Removed) (Michael Burkey) wrote:

~ I have a Cisco 3640, IOS 12.2. I am using local aaa authentication
~ for our dial-up users that connect to an ISDN PRI. I'd like to know if
~ it is possible to, based on the username, choose different pools of
~ IPs.
~
~ Thanks,
~
~ Michael

You can do it with dialer profiles; the downside is that
you would have to configure a separate dialer profile for
each user. E.g.

int serial 0:23
 ppp authen pap chap callin
 dialer pool-member 1
int dialer 1
 ppp authen pap chap callin
 dialer pool 1
 dialer remote-name USER1
 peer default ip address pool GROUP1
int dialer 2
 ppp authen pap chap callin
 dialer pool 1
 dialer remote-name USER2
 peer default ip address pool GROUP2

As an optimization, you could have the most
numerous group of users not bind to dialer
profiles, but instead use virtual profiles:

virtual-profile virtual-template 1
interface virtual-template 1
 ppp authen pap chap callin
 peer default ip address pool GROUP1

The users who need to use other address
pools would get per-user dialer profiles.

Aaron
 
Michael Burkey
10-20-2003
Aaron,

Maybe this information would help. I did enable the Virtual Profiles,
but the Dialer Profiles don't seem to be in effect.

SHOW VER:

Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IK8O3S-M), Version 12.2(2)T, RELEASE
SOFTWARE (fc1)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 02-Jun-01 20:26 by ccai
Image text-base: 0x600089A8, data-base: 0x614B8000

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
ROM: 3600 Software (C3640-IK8O3S-M), Version 12.2(2)T, RELEASE
SOFTWARE (fc1)

BSDROUTER uptime is 2 weeks, 5 hours, 59 minutes
System returned to ROM by reload at 15:01:12 UTC Mon Oct 6 2003
System image file is "flash:c3640-ik8o3s-mz.122-2.T.bin"

cisco 3640 (R4700) processor (revision 0x00) with 59392K/6144K bytes
of memory.
Processor board ID 19277400
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
MICA-6DM Firmware: CP ver 2730 - 5/23/2001, SP ver 2730 - 5/23/2001.
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
Primary Rate ISDN software, Version 1.1.
1 FastEthernet/IEEE 802.3 interface(s)
49 Serial network interface(s)
48 terminal line(s)
2 Channelized T1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
2048K bytes of processor board PCMCIA Slot0 flash (Read/Write)

Configuration register is 0x2102


SHOW RUN:

version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXXXXXXXX
!
no logging buffered
logging rate-limit console 10 except errors
no logging console
logging monitor notifications
aaa new-model
aaa authentication login default local-case
aaa authentication ppp default local
enable secret 5 XXXXXXXXXXX
!
username mburkey password 7 XXXXXXXXXXXXXXX
!
!
ip subnet-zero
no ip source-route
ip cef
!
!
no ip domain-lookup
ip name-server XXX.XXX.XXX.XXX
ip name-server XXX.XXX.XXX.XXX
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
virtual-profile virtual-template 1
virtual-profile aaa
!
class-map match-any http-hacks
 match protocol http url "*root.exe*"
 match protocol http url "*default.ida*"
 match protocol http url "*x.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*_vti_bin*"
 match protocol http url "*_mem_bin*"
 match protocol http mime "*readme.exe*"
 match protocol http mime "*readme.eml*"
 match protocol http url "*popup*"
 match protocol http url "*popunder*"
!
!
policy-map drop-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
async-bootp gateway XXX.XXX.XXX.XXX
!
isdn switch-type primary-dms100
isdn voice-call-failure 0
modemcap entry gary:MSC=&F&D2S34=18000S40=10S54=172S53=1
call rsvp-sync
!
!
!
!
!
!
!
controller T1 0/0
 framing esf
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 0/1
 framing esf
 linecode b8zs
 pri-group timeslots 1-24
!
!
!
interface Tunnel1
 no ip address
!
interface Serial0/0:23
 ip unnumbered FastEthernet3/0.100
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type primary-dms100
 isdn incoming-voice modem
 no peer default ip address
 fair-queue 64 256 0
 no cdp enable
 ppp authentication chap
 ppp multilink
!
interface Serial0/1:23
 ip unnumbered FastEthernet3/0.100
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type primary-dms100
 isdn incoming-voice modem
 no peer default ip address
 fair-queue 64 256 0
 no cdp enable
 ppp authentication chap
 ppp multilink
!
interface FastEthernet3/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3/0.1
 encapsulation dot1Q 10
 ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
!
interface FastEthernet3/0.100
 encapsulation dot1Q 100
 ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
!
interface Serial3/0
 no ip address
 encapsulation frame-relay
 ip route-cache flow
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial3/0.16 point-to-point
 ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
 no ip mroute-cache
 ip policy route-map null_policy_route
 service-policy input drop-inbound-http-hacks
 frame-relay interface-dlci 16
!
interface Serial3/0.100 point-to-point
 ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
 no ip mroute-cache
 frame-relay interface-dlci 100 IETF
!
interface Serial3/0.101 point-to-point
 ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
 no ip mroute-cache
 frame-relay interface-dlci 101
!
interface Virtual-Template1
 ip unnumbered FastEthernet3/0.100
 peer default ip address pool GROUP1
 ppp authentication chap
 ppp multilink
!
interface Group-Async1
 no ip address
 ip access-group 150 out
 encapsulation ppp
 no ip mroute-cache
 async mode interactive
 no peer default ip address
 ppp authentication chap
 group-range 33 56
!
interface Group-Async2
 no ip address
 ip access-group 150 out
 encapsulation ppp
 no ip mroute-cache
 async mode interactive
 no peer default ip address
 ppp authentication chap
 group-range 65 88
!
interface Dialer1
 ip unnumbered FastEthernet3/0.1
 encapsulation ppp
 peer default ip address pool GROUP2
 no cdp enable
 ppp authentication chap
 ppp multilink
!
ip local pool GROUP1 XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
ip local pool GROUP2 XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
ip classless
ip route XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
ip route XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
ip route XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
ip route XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
!
route-map null_policy_route permit 10
 match ip address 106
 set interface Null0
!
dial-peer cor custom
!
line 33 56
 modem Dialin
 modem autoconfigure type gary
 autoselect during-login
 autoselect ppp
line 65 88
 modem Dialin
 modem autoconfigure type gary
 autoselect during-login
 autoselect ppp
!
ntp clock-period 17179705
ntp server XXX.XXX.XXX.XXX
!
end


Aaron Leonard
10-27-2003
You need "dialer pool <n>" under your dialer profiles.

By the way, I should note an oddity here. If a physical
interface is a pool-member of a pool which is used by
exactly one dialer profile, then ALL calls will bind to
that dialer profile (and not to a virtual profile.) So
if you want to have multiple concurrent calls from different
clients use a given dialer pool, then you should have at least
two dialer profiles using that pool.

Aaron
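
An added example, not code from the thread or from Cisco: a Python check of a running-config for the points raised in the replies above, namely a dialer profile without "dialer pool <n>" or "dialer remote-name", and a pool used by exactly one dialer profile. The sample config is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the running-config posted in the thread.
SAMPLE = """\
interface Serial0/0:23
 dialer pool-member 1
!
interface Serial0/1:23
 dialer pool-member 1
!
interface Dialer1
 encapsulation ppp
 peer default ip address pool GROUP2
!
"""

def parse_interfaces(config):
    """Map interface name -> its sub-commands; works on indented or flattened text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif not line or line.startswith("!"):
            current = None          # "!" separates blocks in show run output
        elif current is not None:
            current.append(line)
    return blocks

def audit_dialer_profiles(config):
    """Return findings about dialer profile binding (hypothetical helper)."""
    members, users, findings = defaultdict(list), defaultdict(list), []
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            m = re.match(r"dialer pool-member (\d+)", cmd)
            if m:
                members[m.group(1)].append(name)
        if not name.lower().startswith("dialer"):
            continue
        pools = [c.split()[2] for c in cmds if re.match(r"dialer pool \d+", c)]
        if not pools:
            findings.append(f"{name}: missing 'dialer pool <n>'")
        if not any(c.startswith("dialer remote-name ") for c in cmds):
            findings.append(f"{name}: missing 'dialer remote-name <user>'")
        for pool in pools:
            users[pool].append(name)
    for pool, phys in sorted(members.items()):
        if len(users[pool]) == 1:   # the oddity described in the reply above
            findings.append(f"pool {pool}: only {users[pool][0]} uses it, so all calls bind to it")
        elif not users[pool]:
            findings.append(f"pool {pool}: no dialer profile uses it")
    return findings
```

Run against the constructed sample, audit_dialer_profiles(SAMPLE) reports the missing "dialer pool" and "dialer remote-name" on Dialer1 and that no dialer profile uses pool 1.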


 